* #@$&% SECURITY

As you know, securing your networks requires vigilance and a lot of work. However, you ignore security at your peril, risking your job and possibly your company's entire future. But when you adopt the right mind-set, security tasks aren't so bad. What's important is to address security problems before it's too late.

Best practice (and common sense) dictates that the best way to approach security is from the outside in. In other words, list all possible sources of security breaches and examine your network from the source's viewpoint. Sources might include intruders, customers, inhouse computer and network support technicians, and employees.

The source of a security risk and his or her motivations will help you to determine which risks to address when implementing preventive measures. For low-profile locations, such as most small businesses, basic precautions are usually enough to keep casual intruders at bay. Although higher levels of security (e.g., border servers, gateways) are effective, they aren't usually worth the trouble and expense. At more high-profile institutions, such as local governments or schools, you must consider your resources tempting targets for local intruders. A casual intruder will give up after a port scan and a few probes, but a determined intruder might spend days, weeks, or longer attempting to access a target.

Of course, you shouldn't ignore internal risk factors. Just one disgruntled employee can take down your system, delete your data, and destroy all onsite backups. Without the proper safeguards, you might not be able to identify the perpetrator—and even if you can, such people rarely have the financial resources to pay restitution. Sabotage is another insidious risk that you might never even detect. Proper safeguards are essential.

The first step is to educate yourself—what you don't know can hurt you and your employer. After you gain an understanding of the risks and the sources, bring your employer into the loop. If you determine that you're sitting on a honeypot that will attract determined intruders, then the sooner you establish physical security, firewalls, and borders, the better off your organization will be. If your employer doesn't take the risks seriously, you might want to document your meetings. Don't take a fall for someone else's inaction.

To begin your self-education, I highly recommend that you read the book "Hacking Exposed: Network Security Secrets & Solutions, Third Edition" (Osborne McGraw-Hill, 2001). The book might seem intimidating at first glance, but it's very accessible.http://amazon.com/exec/obidos/asin/0072193816